[Oisf-users] libhtp defaults in suricata.yaml

Victor Julien victor at inliniac.net
Fri Aug 10 13:53:20 UTC 2012


On 08/08/2012 06:35 PM, Eoin Miller wrote:
> Wondering if we could increase the values slightly from 3072? Missing a
> good deal of alerting because of these default values. Below is default
> from suricata.yaml:
> 
> ---SNIP---
> libhtp:
> 
>    default-config:
>      personality: IDS
>      # Can be specified in kb, mb, gb.  Just a number indicates
>      # it's in bytes.
>      request-body-limit: 3072
>      response-body-limit: 3072
> ---SNIP---
> 
> 
> Maybe something more like:
> 
> ---SNIP---
> libhtp:
> 
>    default-config:
>      personality: IDS
>      # Can be specified in kb, mb, gb.  Just a number indicates
>      # it's in bytes.
>      request-body-limit: 128kb
>      response-body-limit: 512kb
> ---SNIP---
> 

Can you share sigs (+pcaps) that are not alerting with the default setting?

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
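
Added example (not part of the original thread and not Suricata code): a simplified model for checking whether a signature's content match falls inside the body window implied by a given request-body-limit or response-body-limit. The function names and sample body are constructed for illustration; it assumes binary units (1 kb = 1024 bytes) and that a limit of 0 means unlimited.

```python
import re

# Suffixes named in the quoted suricata.yaml comment: kb, mb, gb; a bare
# number is bytes. Assumption: binary multiples (1 kb = 1024 bytes).
_UNITS = {"": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}


def parse_limit(value):
    """Convert a body-limit value such as 3072 or '128kb' to bytes."""
    m = re.fullmatch(r"\s*(\d+)\s*(kb|mb|gb)?\s*", str(value), re.IGNORECASE)
    if not m:
        raise ValueError(f"unparseable body limit: {value!r}")
    return int(m.group(1)) * _UNITS[(m.group(2) or "").lower()]


def first_match_end(body, pattern):
    """Offset just past the first occurrence of pattern, or None if absent."""
    idx = body.find(pattern)
    return None if idx < 0 else idx + len(pattern)


def match_visible(body, pattern, limit):
    """True if pattern lies entirely within the first `limit` bytes of body.

    Assumption of this model: a limit of 0 means the whole body is inspected.
    A pattern that straddles the limit counts as not visible.
    """
    window = body if limit == 0 else body[:limit]
    return pattern in window


def coverage(body, pattern, limits):
    """Map each candidate limit to whether the pattern is inside its window."""
    return {str(l): match_visible(body, pattern, parse_limit(l)) for l in limits}


# Constructed sample: matched content begins 4000 bytes into the body.
PATTERN = b"CONSTRUCTED-MARKER"
SAMPLE_BODY = b"A" * 4000 + PATTERN + b"B" * 100

if __name__ == "__main__":
    print("pattern ends at byte", first_match_end(SAMPLE_BODY, PATTERN))
    for limit, seen in coverage(SAMPLE_BODY, PATTERN,
                                [3072, "128kb", "512kb"]).items():
        print(f"limit {limit:>6}: {'inspected' if seen else 'beyond limit'}")
```

Running first_match_end over bodies extracted from a pcap gives the smallest limit at which a given content match becomes visible.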



